CSIA 105 Final Exam Review Questions with Correct Answers

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur? - Answer-threat modeling

What is the name of the process that takes a snapshot of the current security of an organization? - Answer-vulnerability appraisal

The comparison of the present state of a system to its baseline is known as what? - Answer-Baseline reporting

In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is being written in what option below? - Answer-code review

What is the name for the code that can be executed by unauthorized users within a software product? - Answer-attack surface

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities? - Answer-port scanner

A port in what state below implies that an application or service assigned to that port is listening for any instructions? - Answer-open port

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in? - Answer-closed port

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use? - Answer-protocol analyzer

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files? - Answer-honeypot

What is the term for a network set up with intentional vulnerabilities? - Answer-honeynet

What is another term used for a security weakness? - Answer-vulnerability

Which scan examines the current security, in a passive method? - Answer-vulnerability scan

What is the end result of a penetration test? - Answer-penetration test report